From owner-freebsd-net Tue Nov 21 11:20:10 2000
Delivered-To: freebsd-net@freebsd.org
Received: from alice.twopoint.com (unknown [209.64.88.4]) by hub.freebsd.org (Postfix) with ESMTP id 1B77E37B479 for ; Tue, 21 Nov 2000 11:20:03 -0800 (PST)
Received: from twopoint.com (hamilton@fred.twopoint.com [192.168.1.3]) by alice.twopoint.com (8.8.7/8.8.7) with ESMTP id NAA00933; Tue, 21 Nov 2000 13:20:12 -0600
Message-ID: <3A1ACB68.E9CA2862@twopoint.com>
Date: Tue, 21 Nov 2000 13:22:16 -0600
From: Hamilton Hoover
Organization: Two Point Conversions, INC.
X-Mailer: Mozilla 4.75 [en] (X11; U; Linux 2.2.16-22 i686)
X-Accept-Language: en
MIME-Version: 1.0
To: Nick Rogness
Cc: "freebsd-net@freebsd.org"
Subject: Re: dual homed gateway system running ipfw and nat. need rules help.
References:
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-net@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

First, thanks so much for your help so far. The information I have learned is invaluable. Should you ever be in my neck of the woods, beer and pizza are on me.

I am so close at this point I can taste it. There are just a few bugs left that I am having trouble with. At this point I am still not passing mail from the firewall, but I can see in various logs what is stopping it. I am not sure how to circumvent this.

My natd.conf reads as follows:

    dynamic no
    use_sockets yes
    same_ports yes
    redirect_port tcp 192.x.x.x:25 209.x.x.x:25

where 192.x.x.x is the address of the mail server on the private net and 209.x.x.x is the address of the public interface of the firewall.

My firewall script has these rules for passing mail. I'm unsure if I even need this with the redirect rule in natd.conf, but I put it here anyway. I have tried commenting it out and the results were the same.

    ${fwcmd} add pass tcp from any 25 to 192.x.x.x 25

I have also tried

    ${fwcmd} add pass tcp from any 25 to 192.x.x.x 25 via ${iip}

Scanning open ports on the public side of the firewall, I noticed that only ssh (22) is open. I need to have port 25 open in order for this to work, right?

In rc.conf I have sendmail_enable="NO". Changing this to sendmail_enable="yes" produces sendmail "relaying denied" errors. I'm pretty sure that I don't really need sendmail running just to pass it through the firewall, but I don't seem to be able to open port 25 without it. Additionally, I would like the security email sent to myself, and that only seems to work if sendmail is running.

Any more help?

Hamilton Hoover
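The SMTP forwarding the post is trying to build, as an added rc.firewall-style example that is not from the original thread or from FreeBSD itself: the natd divert rule must come before the pass rule, and the pass rule must match the translated destination (192.x.x.x port 25) with any source port, since no client connects from source port 25. The interface name fxp0, the addresses and the rule numbers are assumed placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): ipfw rules that let natd's
# redirect_port forward SMTP to an inner mail host. All names below are
# assumed placeholders: oif is the public interface, pub_ip stands in for
# 209.x.x.x and mail_ip for 192.x.x.x from the post.
fwcmd=${fwcmd:-/sbin/ipfw}
oif=${oif:-fxp0}
pub_ip=${pub_ip:-209.0.113.1}
mail_ip=${mail_ip:-192.168.1.25}

# Print the rule set in the order it must be loaded. Piping the output to
# sh applies it; printing it first lets the ordering be reviewed.
smtp_forward_rules() {
    cat <<EOF
$fwcmd -f flush
# 1. divert first: natd rewrites dst $pub_ip:25 to $mail_ip:25 on the way in
#    and src $mail_ip:25 back to $pub_ip:25 on the way out
$fwcmd add 100 divert natd ip from any to any via $oif
# 2. after translation the SYN is addressed to $mail_ip port 25 from an
#    ephemeral client port, so match the destination only; a rule that
#    also requires source port 25 never matches a real client
$fwcmd add 200 pass tcp from any to $mail_ip 25 setup
# 3. the rest of every accepted connection, in both directions
$fwcmd add 300 pass tcp from any to any established
# 4. connections that originate on the private side
$fwcmd add 400 pass tcp from ${mail_ip%.*}.0/24 to any setup
$fwcmd add 65000 deny log ip from any to any
EOF
}

# Checks a reviewer would apply before loading: the divert rule precedes
# the SMTP pass rule, no rule keys on a source port of 25, and the set ends
# in an explicit deny. Returns 0 when all three hold.
smtp_forward_rules_ok() {
    rules=$(smtp_forward_rules | grep -v '^#')
    divert_no=$(printf '%s\n' "$rules" | awk '/divert natd/ {print $3}')
    pass_no=$(printf '%s\n' "$rules" | awk -v m="$mail_ip" '$0 ~ "to " m " 25 setup" {print $3}')
    [ -n "$divert_no" ] && [ -n "$pass_no" ] && [ "$divert_no" -lt "$pass_no" ] || return 1
    printf '%s\n' "$rules" | grep -q 'from any 25 to' && return 1
    printf '%s\n' "$rules" | tail -n 1 | grep -q 'deny' || return 1
    return 0
}

smtp_forward_rules_ok && echo "rule set passes ordering checks"
```

Running the script only prints the rules; `smtp_forward_rules | sh` would load them.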